CVE-2025-54581 vproxy is vulnerable to a divide by zero DoS attack

vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...

vproxy Divide by Zero DoS Vulnerability

Summary Untrusted, user-controlled data from the HTTP Proxy-Authorization header can induce a denial of service state. Details Untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed ...

GHSA-7H24-C332-P48C vproxy Divide by Zero DoS Vulnerability

Summary Untrusted, user-controlled data from the HTTP Proxy-Authorization header can induce a denial of service state. Details Untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed ...

PT-2025-31441 · Vproxy · Vproxy

Name of the Vulnerable Software and Affected Versions: vproxy versions 2.3.3 and below Description: vproxy is an HTTP/HTTPS/SOCKS5 proxy server. Untrusted data from the user-controlled HTTP Proxy-Authorization header is passed to Extension::try from and then to parse ttl extension where it is...

curl: HTTP Proxy Bypass via `CURLOPT_CUSTOMREQUEST` Verb Tunneling

Summary A logic flaw in libcurl version 8.14.1 allows an attacker to bypass restrictive HTTP proxy firewalls by "tunneling" an arbitrary HTTP verb within a CONNECT request. By setting CURLOPTCUSTOMREQUEST to CONNECT for a standard http:// URL, an attacker can trick libcurl into creating a hybrid...

AZL-64367 CVE-2025-6442 affecting package rubygem-webrick for versions less than 1.7.0-2

Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is affected by multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. HTTP Proxy bypass using IPv6 Zone IDs can improperly treat an IPv6 zone ID as a hostname component CVE-2025-22870. Spring Framework...

TencentOS Server 2: curl (TSSA-2023:0311)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0311 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

Malicious code in http-proxy-error (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7998e5d5542dec49e826d015f403fed34b411fdd9e28030aea1c3aa0fc4657ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4834 Malicious code in http-proxy-error (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7998e5d5542dec49e826d015f403fed34b411fdd9e28030aea1c3aa0fc4657ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploit for CVE-2025-22870

PoC – CVE-2025-22870 – HTTP Proxy Bypass via IPv6 Zone ID in G...

Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify- http-proxy-middleware-2.0.6.tgz which is vulnerable to CVE-2024-21536.

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify- http-proxy-middleware-2.0.6.tgz which is vulnerable to CVE-2024-21536. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION:...

CVE-2024-20490

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...

CVE-2022-29188

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

CVE-2020-5883

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTPPROXYREQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak...

CVE-2016-1000109

HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic t...

CVE-2019-17598

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...

CVE-2011-4661

A memory leak vulnerability exists in Cisco IOS before 15.21T due to a memory leak in the HTTP PROXY Server process aka CSCtu52820, when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured...

CVE-2005-1340

The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy...

CVE-2003-0803

Nokia Electronic Documentation NED 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user...